crypto: reconsile oneshot sign/verify sync and async implementations

Author: panva

benchmark/crypto/oneshot-sign-verify.js

@@ -0,0 +1,51 @@
+'use strict';
+
+const common = require('../common.js');
+const crypto = require('crypto');
+const fs = require('fs');
+const path = require('path');
+const fixtures_keydir = path.resolve(__dirname, '../../test/fixtures/keys/');
+const keys = {
+  publicKey: crypto.createPublicKey(
+    fs.readFileSync(`${fixtures_keydir}/ed25519_public.pem`)),
+  privateKey: crypto.createPrivateKey(
+    fs.readFileSync(`${fixtures_keydir}/ed25519_private.pem`)),
+};
+
+const data = crypto.randomBytes(256);
+const args = [null, data];
+
+const bench = common.createBenchmark(main, {
+  sync: [0, 1],
+  n: [1e4],
+});
+
+function measureSync(n) {
+  bench.start();
+  for (let i = 0; i < n; ++i) {
+    crypto.verify(...args, keys.publicKey,
+                  crypto.sign(...args, keys.privateKey));
+  }
+  bench.end(n);
+}
+
+function measureAsync(n) {
+  let remaining = n;
+  function done() {
+    if (--remaining === 0)
+      bench.end(n);
+  }
+  bench.start();
+  for (let i = 0; i < n; ++i) {
+    crypto.sign(...args, keys.privateKey, (err, signature) => {
+      crypto.verify(...args, keys.publicKey, signature, done);
+    });
+  }
+}
+
+function main({ n, sync }) {
+  if (sync)
+    measureSync(n);
+  else
+    measureAsync(n);
+}

lib/internal/crypto/dsa.js

@@ -251,12 +251,15 @@ function dsaSignVerify(key, data, algorithm, signature) {
     kCryptoJobAsync,
     signature === undefined ? kSignJobModeSign : kSignJobModeVerify,
     key[kKeyObject][kHandle],
+    undefined,
+    undefined,
+    undefined,
     data,
     normalizeHashName(key.algorithm.hash.name),
     undefined,  // Salt-length is not used in DSA
     undefined,  // Padding is not used in DSA
-    signature,
-    kSigEncDER));
+    kSigEncDER,
+    signature));
 }
 
 module.exports = {

lib/internal/crypto/ec.js

@@ -467,12 +467,15 @@ function ecdsaSignVerify(key, data, { name, hash }, signature) {
     kCryptoJobAsync,
     mode,
     key[kKeyObject][kHandle],
+    undefined,
+    undefined,
+    undefined,
     data,
     hashname,
     undefined,  // Salt length, not used with ECDSA
     undefined,  // PSS Padding, not used with ECDSA
-    signature,
-    kSigEncP1363));
+    kSigEncP1363,
+    signature));
 }
 
 module.exports = {

lib/internal/crypto/rsa.js

@@ -356,10 +356,14 @@ function rsaSignVerify(key, data, { saltLength }, signature) {
     kCryptoJobAsync,
     signature === undefined ? kSignJobModeSign : kSignJobModeVerify,
     key[kKeyObject][kHandle],
+    undefined,
+    undefined,
+    undefined,
     data,
     normalizeHashName(key.algorithm.hash.name),
     saltLength,
     padding,
+    undefined,
     signature));
 }
 

lib/internal/crypto/sig.js

@@ -24,9 +24,8 @@ const {
   Sign: _Sign,
   SignJob,
   Verify: _Verify,
-  signOneShot: _signOneShot,
-  verifyOneShot: _verifyOneShot,
   kCryptoJobAsync,
+  kCryptoJobSync,
   kSigEncDER,
   kSigEncP1363,
   kSignJobModeSign,
@@ -40,10 +39,6 @@ const {
 } = require('internal/crypto/util');
 
 const {
-  createPrivateKey,
-  createPublicKey,
-  isCryptoKey,
-  isKeyObject,
   preparePrivateKey,
   preparePublicOrPrivateKey,
 } = require('internal/crypto/keys');
@@ -162,38 +157,34 @@ function signOneShot(algorithm, data, key, callback) {
   // Options specific to (EC)DSA
   const dsaSigEnc = getDSASignatureEncoding(key);
 
-  if (!callback) {
-    const {
-      data: keyData,
-      format: keyFormat,
-      type: keyType,
-      passphrase: keyPassphrase
-    } = preparePrivateKey(key);
-
-    return _signOneShot(keyData, keyFormat, keyType, keyPassphrase, data,
-                        algorithm, rsaPadding, pssSaltLength, dsaSigEnc);
-  }
-
-  let keyData;
-  if (isKeyObject(key) || isCryptoKey(key)) {
-    ({ data: keyData } = preparePrivateKey(key));
-  } else if (key != null && (isKeyObject(key.key) || isCryptoKey(key.key))) {
-    ({ data: keyData } = preparePrivateKey(key.key));
-  } else {
-    keyData = createPrivateKey(key)[kHandle];
-  }
+  const {
+    data: keyData,
+    format: keyFormat,
+    type: keyType,
+    passphrase: keyPassphrase
+  } = preparePrivateKey(key);
 
   const job = new SignJob(
-    kCryptoJobAsync,
+    callback ? kCryptoJobAsync : kCryptoJobSync,
     kSignJobModeSign,
     keyData,
+    keyFormat,
+    keyType,
+    keyPassphrase,
     data,
     algorithm,
     pssSaltLength,
     rsaPadding,
-    undefined,
     dsaSigEnc);
 
+  if (!callback) {
+    const { 0: err, 1: signature } = job.run();
+    if (err !== undefined)
+      throw err;
+
+    return Buffer.from(signature);
+  }
+
   job.ondone = (error, signature) => {
     if (error) return FunctionPrototypeCall(callback, job, error);
     FunctionPrototypeCall(callback, job, null, Buffer.from(signature));
@@ -272,38 +263,34 @@ function verifyOneShot(algorithm, data, key, signature, callback) {
     );
   }
 
-  if (!callback) {
-    const {
-      data: keyData,
-      format: keyFormat,
-      type: keyType,
-      passphrase: keyPassphrase
-    } = preparePublicOrPrivateKey(key);
-
-    return _verifyOneShot(keyData, keyFormat, keyType, keyPassphrase,
-                          signature, data, algorithm, rsaPadding,
-                          pssSaltLength, dsaSigEnc);
-  }
-
-  let keyData;
-  if (isKeyObject(key) || isCryptoKey(key)) {
-    ({ data: keyData } = preparePublicOrPrivateKey(key));
-  } else if (key != null && (isKeyObject(key.key) || isCryptoKey(key.key))) {
-    ({ data: keyData } = preparePublicOrPrivateKey(key.key));
-  } else {
-    keyData = createPublicKey(key)[kHandle];
-  }
+  const {
+    data: keyData,
+    format: keyFormat,
+    type: keyType,
+    passphrase: keyPassphrase
+  } = preparePublicOrPrivateKey(key);
 
   const job = new SignJob(
-    kCryptoJobAsync,
+    callback ? kCryptoJobAsync : kCryptoJobSync,
     kSignJobModeVerify,
     keyData,
+    keyFormat,
+    keyType,
+    keyPassphrase,
     data,
     algorithm,
     pssSaltLength,
     rsaPadding,
-    signature,
-    dsaSigEnc);
+    dsaSigEnc,
+    signature);
+
+  if (!callback) {
+    const { 0: err, 1: result } = job.run();
+    if (err !== undefined)
+      throw err;
+
+    return result;
+  }
 
   job.ondone = (error, result) => {
     if (error) return FunctionPrototypeCall(callback, job, error);